How BYOD Puts Everyone at Legal Risk

If your BYOD policy goes too far, you may be prosecuted for unfair labor practices. However, courts expect you to produce all relevant data in discovery proceedings. Meanwhile, your employees may fear retaliation if they don't sign draconian BYOD policies. CIO.com talks to attorneys to better understand the legal side of BYOD.

By
Thu, November 21, 2013

CIO — If your BYOD user policies are too strict, then you might be running afoul of the law.

BYOD Policies

The General Counsel of the National Labor Relations Board (NLRB), a group tasked with the investigation and prosecution of unfair labor practice cases, is taking aim at newfangled social and BYOD company policies that violate Section 7 of the National Labor Relations Act.

In a case last year, the NLRB made the unprecedented argument that an at-will employment policy could "chill an employee's ability to communicate with others about wages, hours and working conditions or to engage in otherwise protected activity."

Heather Egan Sussman, a lawyer at McDermott Will & Emery, says she has seen at least three reports issued by the General Counsel over the last few years concerning cases where prosecuted companies wrote overly broad policies or policies that went too far. While these reports were mostly directed toward social media, they can apply toward BYOD polices as well.

"Judges assume companies have the capability to preserve and collect all information created in connection with work that relates to litigation. They won't be happy to hear that such information exists but the company doesn't have access or authority to it, because there wasn't employee consent written into the BYOD policy."

The General Counsel's focus on confidentiality policies is causing companies to re-think their BYOD policies, says Sussman, "out of fear of prosecution."

BYOD Policies Get Down to Detail

It's an odd reversal of sorts. The first iterations of BYOD user policies erred on the side of simplicity and vagueness, merely suggesting user behavior instead of providing hard-and-fast rules. They consisted of generalizations about what companies and employees can and cannot do. These BYOD policies were practically useless when called upon for ediscovery or when employees raised privacy concerns.

Then the lawyers got involved. They helped companies draft lengthy documents covering all sorts of scenarios, including legal cases for ediscovery. BYOD policies ballooned to a dozen pages. These policies weighed heavily in favor of a company's right to monitor, access, review and disclose company or other data on BYOD mobile phones and tablets, and gave short shrift to an employee's expectation of privacy.

Now the pendulum is swinging back.

The General Counsel appears to be toughening up on corporate policies that attempt to control an employee's use of the Internet, BYOD or social media. There's concern that companies are exceeding the scope of the their authorization and potentially violating the National Labor Relations Act. While the General Counsel is not the deciding body, Sussman says, its reports can guide companies in drafting lawful BYOD policies that steer clear of prosecution.

Continue Reading

Our Commenting Policies